Hacking groups using names like Cozy Bear and Fancy Bear, and pseudonymous individuals like Guccifer 2.0, are not just targeting the U.S., but are also going after any entity that obstructs the interests of Russia’s government.

What is Russia trying to do with its hacking efforts? Who are the people doing this? How do we know they’re working for Russia, and how closely tied are they to the government? As scholars of Russian cyber-conflict and information warfare, we have learned that this is just Russia’s most recent digital effort to benefit its national interests.

Given the DNC and DCCC hacks, it seems that Russian hackers are targeting only Clinton and the Democrats. There is evidence that the Republican National Committee was hacked as well, but no documents obtained have yet been made public. Furthermore, the U.S. affiliates of Russian state-owned media outlets such as RT (formerly Russia Today) and Sputnik daily report negative stories about Clinton and upbeat stories about Trump.

Using information as a support for domestic political systems led to its use as a lever in foreign affairs and a weapon in military conflict. That did not disappear with the dissolution of the Soviet Union. Rather, decades-old methods have been used in new ways.

A year later, Russia brought information warfare to its conflict with Georgia. Targeting Georgian communications, both online and physically, its efforts were not only aimed at providing an advantage for troops on the ground. They also had the goal of preventing the spread of objections to Russia’s forcible annexation of the Georgian territories of Abkhazia and South Ossetia. Word got out anyway.

For example, many people still question the “Western” version of the Malaysia Airlines 17 plane crash, which pins the blame on Russia or the Kremlin-backed separatists in Ukraine. This skepticism is an effect of Russian propaganda. While the Russian versions have failed to convince most people, they still have spread doubts about who actually shot down the airliner in 2014.

As with the Malaysia Airlines 17 narrative, credibility is not always Russia’s main goal. Rather, it’s just trying to spread distrust of official viewpoints, particularly those coming from the EU or NATO. With any Western fringe group Russia can attract, it is attempting to stall Western decisions, sow discontent and distrust, and draw apart societies and partnerships.

We are now seeing this tactic making inroads in the American political discourse. For example, the DNC emails released by WikiLeaks showed party leaders’ prejudices against insurgent candidate Bernie Sanders, and their efforts to divert DNC funds to help Clinton win the nomination.

Although the revelations don’t disclose anything illegal, the popular narrative from many U.S. media outlets was that the DNC unduly influenced the outcome of the primary. That divided the Democratic Party, potentially giving Trump an advantage.

Similarly, recent DCCC voting list releases shouldn’t have any direct effect on the electoral outcomes in November, but spread doubt about the legitimacy of the election. There’s also no way to say whether it worked – if Trump ends up winning, it’ll be impossible to say any of these leaks was the cause.

Ties to the Russian government

There are some advantages to taking on adversaries in cyberspace, rather than the physical world. It is less costly in terms of risk and escalation: Conventional espionage would require physical infiltrations and, if caught, could spark an escalating crisis between Russia and the U.S. Cyberspace is also relatively ungoverned by international law and a much easier place to achieve plausible deniability.

Despite evidence to the contrary, the Russian government has denied any involvement or collusion with Cozy Bear, Fancy Bear, Guccifer 2.0, the Dukes and Quedagh. Usually malicious nonstate group cyberattackers are motivated by money – but these groups and individuals seem to be focused on stealing information that could be used geopolitically against Russia’s adversaries. That suggests a direct connection to the Russian government.

Key to stopping these incursions will be improving American cyber-hygiene practices, building more resilient networks throughout the public and private sectors and promoting international cyber-norms. Therefore, perhaps contrary to the sophisticated cyberattacks it has launched in the past, the U.S. must cooperate with international efforts to improve global cybersecurity.